Is there a plugin to show commits, PRs stats but not allowing access to the source code?

Julian Davchev August 26, 2021

Hello everyone,

I see lots of plugins that offer fancy reports and graphs to visualise stats based on Bitbucket repositories, e.g. commits per user, how quickly PRs are closed, etc.

All plugins I found are third party, and looking closely, they actually have full access to the source code.

Is there a reliable plugin that should not be concerned about leaking out source code to 3rd parties? I was looking for something written by Atlassian for example, but couldn’t find such.

Any suggestions are more than welcome.

Best,

Julian

1 answer

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 30, 2021

Hi Julian,

I'm afraid that we don't have a plugin developed by Atlassian that shows such statistics.

If there is a certain plugin that you'd be interested in using, you can find its listing in Atlassian Marketplace and this listing usually has the contact details of the vendor. If you'd like, you can then contact the vendor with any questions regarding the privacy and security policies for their plugin.

Kind regards,
Theodora

Julian Davchev August 31, 2021

Hi Theodora, thank you for the feedback.

I've contacted the vendors and of course all claim that they don't use the source code and only use the commit metadata to create the stats.

We're looking for a security mechanism that will actually prevent 3rd parties from reading the source code. Perhaps Bitbucket does not allow such granularity.

For example:

Awesome Graphs - https://docs.stiltsoft.com/awesome-graphs/cloud/faq/privacy-policy:

Upon the installation of Awesome Graphs for Bitbucket Cloud (the “App”), you grant the Read access to the following REST API scopes: “repository”, “account”, “pullrequest”, “email”, “webhook”. The App receives access (i) to read repositories of the workspace in which the App is installed, their pull requests and account information, (ii) to read and modify repositories' webhooks, and (iii) to read the workspace’s name, members and its repositories.

Reading through this, they essentially gain access to everything in the repositories.

Best,

Julian

Theodora Boudale
Atlassian Team
September 1, 2021

Hi Julian,

I'm afraid that we don't have such granularity in scopes; there is no scope that allows read access only to commits but not to the source code. I can open a feature request for that, if you'd like, for our development team to consider. Please feel free to let me know if you'd like me to proceed with that.

Kind regards,
Theodora

Julian Davchev September 1, 2021

This would be great Theodora, thank you.

I can't think of any other way to be able to rely on those tools security-wise; they should have a much more limited scope.

Julian

Theodora Boudale
Atlassian Team
September 3, 2021

Hi Julian,

Thank you for the feedback.

I went ahead and created the following feature request in our issue tracker:

You are more than welcome to leave any comments on that ticket as well. I would also suggest adding your vote (by selecting the Vote for this issue link) as the number of votes helps the development team and product managers better understand the demand for new features. You can also add yourself as a watcher (by selecting the Start watching this issue link) if you'd like to get notified via email on updates.

If you have any other questions, please feel free to let me know.

Kind regards,
Theodora
